Risk Assessment —

Report: botnets sent over 80% of all June spam

Spam levels remained high in June of 2009, and botnets are behind a large …

There's a ton of spam on the Internet—we all are painfully aware of this already. However, what once required an actual person to send is increasingly being taken over by botnets. A new report (PDF) from Symantec's MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs.

According to MessageLabs' June report, spam accounted for 90.4 percent of all e-mail sent in the month of June—this was roughly unchanged since May. Botnets, however, sent about 83.2 percent of that spam, with the largest spam-wielding botnet being Cutwail. Cutwail is described as "one of the largest and most active botnets" and has doubled its size and output per bot since March of this year. As a result, it is now responsible for 45 percent of all spam, with others like Mega-D, Xarvester, Donbot, Grum, and Rustock making up much of the difference.

The security firm says that many of the smaller botnets send spam through various webmail accounts, making it appear as if a real person was sending the messages. In this sense, there could be an even higher percentage of spam with botnets behind it.

Other items of interest in the MessageLabs report were the fact that instant messenger spam containing links to malware were on the rise, and that image spam continues to grow. Researchers had noted earlier this year that image spam was making a comeback after almost going extinct in 2008, and now MessageLabs says that it accounts for between 8 and 10 percent of all intercepted spam. "Almost certainly sent from a botnet, the emails often contain no hyperlinks," reads the report. "The spammers’ website names are frequently included in the content of the images."

It's clear that botnet activity is not going to slow down anytime soon, despite some high-profile shutdowns in recent months. Spam took a bit of a nosedive after McColo was taken offline in the fall of 2008 and there was even a bit of a dip when Pricewert was forced offline this year. The other botnets almost always make up for the loss of spam activity, however, and this will continue to be true until all those unsuspecting Internet users stop clicking through in hopes of getting great deals on erection drugs or weight loss pills.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Emailjacqui@arstechnica.com//Twitter@eJacqui